FriendsOfSymfony · Thierrygen · Nov 8, 2024
diff --git a/.gitignore b/.gitignore
@@ -1,8 +1,12 @@
+phpstan.neon
 phpunit.xml
 Tests/autoload.php
+var/
 vendor/
 Propel/om/
 Propel/map/
 composer.lock
 .php_cs.cache
 .phpunit.result.cache
+
+.idea/
diff --git a/Command/CleanCommand.php b/Command/CleanCommand.php
@@ -23,26 +23,18 @@ class CleanCommand extends Command
 {
     protected static $defaultName = 'fos:oauth-server:clean';
 
-    private $accessTokenManager;
-    private $refreshTokenManager;
-    private $authCodeManager;
-
     public function __construct(
-        TokenManagerInterface $accessTokenManager,
-        TokenManagerInterface $refreshTokenManager,
-        AuthCodeManagerInterface $authCodeManager
+        private TokenManagerInterface $accessTokenManager,
+        private TokenManagerInterface $refreshTokenManager,
+        private AuthCodeManagerInterface $authCodeManager
     ) {
         parent::__construct();
-
-        $this->accessTokenManager = $accessTokenManager;
-        $this->refreshTokenManager = $refreshTokenManager;
-        $this->authCodeManager = $authCodeManager;
     }
 
     /**
      * {@inheritdoc}
      */
-    protected function configure()
+    protected function configure(): void
     {
         parent::configure();
 
@@ -64,9 +56,15 @@ protected function execute(InputInterface $input, OutputInterface $output): int
     {
         foreach ([$this->accessTokenManager, $this->refreshTokenManager, $this->authCodeManager] as $service) {
             $result = $service->deleteExpired();
-            $output->writeln(sprintf('Removed <info>%d</info> items from <comment>%s</comment> storage.', $result, get_class($service)));
+            $output->writeln(
+                sprintf(
+                    'Removed <info>%d</info> items from <comment>%s</comment> storage.',
+                    $result,
+                    get_class($service)
+                )
+            );
         }
 
-        return 0;
+        return Command::SUCCESS;
     }
 }
diff --git a/Command/CreateClientCommand.php b/Command/CreateClientCommand.php
@@ -24,19 +24,16 @@ class CreateClientCommand extends Command
 {
     protected static $defaultName = 'fos:oauth-server:create-client';
 
-    private $clientManager;
-
-    public function __construct(ClientManagerInterface $clientManager)
-    {
+    public function __construct(
+        private ClientManagerInterface $clientManager
+    ) {
         parent::__construct();
-
-        $this->clientManager = $clientManager;
     }
 
     /**
      * {@inheritdoc}
      */
-    protected function configure()
+    protected function configure(): void
     {
         parent::configure();
 
@@ -92,6 +89,6 @@ protected function execute(InputInterface $input, OutputInterface $output): int
 
         $io->table($headers, $rows);
 
-        return 0;
+        return Command::SUCCESS;
     }
 }
diff --git a/Controller/AuthorizeController.php b/Controller/AuthorizeController.php
@@ -18,6 +18,7 @@
 use FOS\OAuthServerBundle\Form\Handler\AuthorizeFormHandler;
 use FOS\OAuthServerBundle\Model\ClientInterface;
 use FOS\OAuthServerBundle\Model\ClientManagerInterface;
+use RuntimeException;
 use OAuth2\OAuth2;
 use OAuth2\OAuth2ServerException;
 use Symfony\Component\EventDispatcher\EventDispatcherInterface;
@@ -31,7 +32,7 @@
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Symfony\Component\Security\Core\Exception\AccessDeniedException;
 use Symfony\Component\Security\Core\User\UserInterface;
-use Twig\Environment as TwigEnvironment;
+use Twig\Environment;
 
 /**
  * Controller handling basic authorization.
@@ -40,61 +41,6 @@
  */
 class AuthorizeController
 {
-    /**
-     * @var ClientInterface
-     */
-    private $client;
-
-    /**
-     * @var SessionInterface
-     */
-    private $session;
-
-    /**
-     * @var Form
-     */
-    private $authorizeForm;
-
-    /**
-     * @var AuthorizeFormHandler
-     */
-    private $authorizeFormHandler;
-
-    /**
-     * @var OAuth2
-     */
-    private $oAuth2Server;
-
-    /**
-     * @var RequestStack
-     */
-    private $requestStack;
-
-    /**
-     * @var TokenStorageInterface
-     */
-    private $tokenStorage;
-
-    /**
-     * @var TwigEnvironment
-     */
-    private $twig;
-
-    /**
-     * @var UrlGeneratorInterface
-     */
-    private $router;
-
-    /**
-     * @var ClientManagerInterface
-     */
-    private $clientManager;
-
-    /**
-     * @var EventDispatcherInterface
-     */
-    private $eventDispatcher;
-
     /**
      * This controller had been made as a service due to support symfony 4 where all* services are private by default.
      * Thus, this is considered a bad practice to fetch services directly from container.
@@ -104,16 +50,16 @@ class AuthorizeController
      * @param SessionInterface $session
      */
     public function __construct(
-        RequestStack $requestStack,
-        Form $authorizeForm,
-        AuthorizeFormHandler $authorizeFormHandler,
-        OAuth2 $oAuth2Server,
-        TokenStorageInterface $tokenStorage,
-        UrlGeneratorInterface $router,
-        ClientManagerInterface $clientManager,
-        EventDispatcherInterface $eventDispatcher,
-        TwigEnvironment $twig,
-        SessionInterface $session = null
+        private RequestStack $requestStack,
+        private Form $authorizeForm,
+        private AuthorizeFormHandler $authorizeFormHandler,
+        private OAuth2 $oAuth2Server,
+        private TokenStorageInterface $tokenStorage,
+        private UrlGeneratorInterface $router,
+        private ClientManagerInterface $clientManager,
+        private EventDispatcherInterface $eventDispatcher,
+        private TwigEnvironment $twig,
+        private ?SessionInterface $session = null
     ) {
         $this->requestStack = $requestStack;
         $this->session = $session;
@@ -130,7 +76,7 @@ public function __construct(
     /**
      * Authorize.
      */
-    public function authorizeAction(Request $request)
+    public function authorizeAction(Request $request): Response
     {
         $user = $this->tokenStorage->getToken()->getUser();
 
@@ -165,10 +111,7 @@ public function authorizeAction(Request $request)
         ]);
     }
 
-    /**
-     * @return Response
-     */
-    protected function processSuccess(UserInterface $user, AuthorizeFormHandler $formHandler, Request $request)
+    protected function processSuccess(UserInterface $user, AuthorizeFormHandler $formHandler, Request $request): Response
     {
         if ($this->session && true === $this->session->get('_fos_oauth_server.ensure_logout')) {
             $this->tokenStorage->setToken(null);
@@ -194,17 +137,14 @@ protected function processSuccess(UserInterface $user, AuthorizeFormHandler $for
     /**
      * Generate the redirection url when the authorize is completed.
      *
-     * @return string
      */
-    protected function getRedirectionUrl(UserInterface $user)
+    protected function getRedirectionUrl(UserInterface $user): string
     {
         return $this->router->generate('fos_oauth_server_profile_show');
     }
 
-    /**
-     * @return ClientInterface
-     */
-    protected function getClient()
+
+    protected function getClient(): ClientInterface
     {
         if (null !== $this->client) {
             return $this->client;
@@ -238,11 +178,11 @@ protected function renderAuthorize(array $context): Response
     /**
      * @return Request|null
      */
-    private function getCurrentRequest()
+    private function getCurrentRequest(): ?Request
     {
         $request = $this->requestStack->getCurrentRequest();
         if (null === $request) {
-            throw new \RuntimeException('No current request.');
+            throw new RuntimeException('No current request.');
         }
 
         return $request;

diff --git a/Controller/TokenController.php b/Controller/TokenController.php
@@ -20,20 +20,12 @@
 
 class TokenController
 {
-    /**
-     * @var OAuth2
-     */
-    protected $server;
 
-    public function __construct(OAuth2 $server)
+    public function __construct(Private OAuth2 $server)
     {
-        $this->server = $server;
     }
 
-    /**
-     * @return Response
-     */
-    public function tokenAction(Request $request)
+    public function tokenAction(Request $request): Response
     {
         try {
             return $this->server->grantAccessToken($request);

diff --git a/DependencyInjection/Configuration.php b/DependencyInjection/Configuration.php
@@ -27,7 +27,7 @@ class Configuration implements ConfigurationInterface
     /**
      * {@inheritdoc}
      */
-    public function getConfigTreeBuilder()
+    public function getConfigTreeBuilder(): TreeBuilder
     {
         $treeBuilder = new TreeBuilder('fos_oauth_server');
         $rootNode = $treeBuilder->getRootNode();

diff --git a/DependencyInjection/Security/Factory/OAuthFactory.php b/DependencyInjection/Security/Factory/OAuthFactory.php
@@ -13,6 +13,7 @@
 
 namespace FOS\OAuthServerBundle\DependencyInjection\Security\Factory;
 
+use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\AuthenticatorFactoryInterface;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SecurityFactoryInterface;
 use Symfony\Component\Config\Definition\Builder\NodeDefinition;
 use Symfony\Component\DependencyInjection\ChildDefinition;
@@ -24,8 +25,25 @@
  *
  * @author Arnaud Le Blanc <[email protected]>
  */
-class OAuthFactory implements SecurityFactoryInterface
+class OAuthFactory implements AuthenticatorFactoryInterface, SecurityFactoryInterface
 {
+
+    /**
+     * {@inheritdoc}
+     */
+    public function createAuthenticator(ContainerBuilder $container, string $id, array $config, string $userProviderId)
+    {
+        $providerId = 'fos_oauth_server.security.authentication.authenticator.'.$id;
+        $container
+            ->setDefinition($providerId, new ChildDefinition('fos_oauth_server.security.authentication.authenticator'))
+            ->replaceArgument(0, new Reference('fos_oauth_server.server'))
+            ->replaceArgument(1, new Reference('security.user_checker.'.$id))
+            ->replaceArgument(2, new Reference($userProviderId))
+        ;
+
+        return $providerId;
+    }
+
     /**
      * {@inheritdoc}
      */

diff --git a/Resources/config/doctrine/AccessToken.mongodb.xml b/Resources/config/doctrine/AccessToken.mongodb.xml
@@ -5,8 +5,8 @@
                         http://doctrine-project.org/schemas/odm/doctrine-mongo-mapping.xsd">
 
     <mapped-superclass name="FOS\OAuthServerBundle\Document\AccessToken">
-        <field name="token" fieldName="token" type="string" unique="true" />
-        <field name="expiresAt" fieldName="expiresAt" type="int" nullable="true" />
-        <field name="scope" fieldName="scope" type="string" nullable="true" />
+        <field name="token" type="string" unique="true" />
+        <field name="expiresAt" type="int" nullable="true" />
+        <field name="scope" type="string" nullable="true" />
     </mapped-superclass>
 </doctrine-mongo-mapping>
diff --git a/Resources/config/doctrine/AuthCode.mongodb.xml b/Resources/config/doctrine/AuthCode.mongodb.xml
@@ -5,9 +5,9 @@
                         http://doctrine-project.org/schemas/odm/doctrine-mongo-mapping.xsd">
 
     <mapped-superclass name="FOS\OAuthServerBundle\Document\AuthCode">
-        <field name="token" fieldName="token" type="string" unique="true" />
-        <field name="redirectUri" fieldName="redirectUri" type="string" />
-        <field name="expiresAt" fieldName="expiresAt" type="int" nullable="true" />
-        <field name="scope" fieldName="scope" type="string" nullable="true" />
+        <field name="token" type="string" unique="true" />
+        <field name="redirectUri" type="string" />
+        <field name="expiresAt" type="int" nullable="true" />
+        <field name="scope" type="string" nullable="true" />
     </mapped-superclass>
 </doctrine-mongo-mapping>
diff --git a/Resources/config/doctrine/Client.mongodb.xml b/Resources/config/doctrine/Client.mongodb.xml
@@ -5,9 +5,9 @@
                         http://doctrine-project.org/schemas/odm/doctrine-mongo-mapping.xsd">
 
     <mapped-superclass name="FOS\OAuthServerBundle\Document\Client">
-        <field name="randomId" fieldName="randomId" type="string" />
-        <field name="redirectUris" fieldName="redirectUris" type="collection" />
-        <field name="secret" fieldName="secret" type="string" />
-        <field name="allowedGrantTypes" fieldName="allowedGrantTypes" type="collection" />
+        <field name="randomId" type="string" />
+        <field name="redirectUris" type="collection" />
+        <field name="secret" type="string" />
+        <field name="allowedGrantTypes" type="collection" />
     </mapped-superclass>
 </doctrine-mongo-mapping>
diff --git a/Resources/config/doctrine/RefreshToken.mongodb.xml b/Resources/config/doctrine/RefreshToken.mongodb.xml
@@ -5,8 +5,8 @@
                         http://doctrine-project.org/schemas/odm/doctrine-mongo-mapping.xsd">
 
     <mapped-superclass name="FOS\OAuthServerBundle\Document\RefreshToken">
-        <field name="token" fieldName="token" type="string" unique="true" />
-        <field name="expiresAt" fieldName="expiresAt" type="int" nullable="true" />
-        <field name="scope" fieldName="scope" type="string" nullable="true" />
+        <field name="token" type="string" unique="true" />
+        <field name="expiresAt" type="int" nullable="true" />
+        <field name="scope" type="string" nullable="true" />
     </mapped-superclass>
 </doctrine-mongo-mapping>
diff --git a/Resources/config/security.xml b/Resources/config/security.xml
@@ -5,12 +5,19 @@
     xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
 
     <parameters>
+        <parameter key="fos_oauth_server.security.authentication.authenticator.class">FOS\OAuthServerBundle\Security\Authentication\Authenticator\OAuthAuthenticator</parameter>
         <parameter key="fos_oauth_server.security.authentication.provider.class">FOS\OAuthServerBundle\Security\Authentication\Provider\OAuthProvider</parameter>
         <parameter key="fos_oauth_server.security.authentication.listener.class">FOS\OAuthServerBundle\Security\Firewall\OAuthListener</parameter>
         <parameter key="fos_oauth_server.security.entry_point.class">FOS\OAuthServerBundle\Security\EntryPoint\OAuthEntryPoint</parameter>
     </parameters>
 
     <services>
+        <service id="fos_oauth_server.security.authentication.authenticator" class="%fos_oauth_server.security.authentication.authenticator.class%" public="false">
+            <argument type="service" id="fos_oauth_server.server" />
+            <argument type="service" id="security.user_checker" />
+            <argument /> <!-- user provider -->
+        </service>
+
         <service id="fos_oauth_server.security.authentication.provider" class="%fos_oauth_server.security.authentication.provider.class%" public="false">
             <argument /> <!-- user provider -->
             <argument type="service" id="fos_oauth_server.server" />